Facebook's 2FA security measure does more harm than good but there is a workaround
3 min. read
Published on
Share this article
Improve this guide
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
2FA or the Two-factor authentication is a security measure that requires your phone number so as to make sure that it is you who is making a log-in attempt on a different device or from a different location. While it is not the only way to pursue the Two-factor authentication, most of us follow the above way.
Pretty much all the companies that deal with user data often encourage users to opt-in Two-factor authentication(2FA). This advanced security measure push hackers to their limits thus eliminating the likelihood of your personal data getting into the hand of people with ill-motive.
Sadly, the same can’t be said about Facebook.
Ironically, Facebook’s Two-factor authentication does more harm than good. The phone number that you put up on the platform can be used to look up your Facebook profile. Worse, people who are not even on Facebook can perform the same stunt. And the worst part of the story is you in no way can opt-out of this.
It is worth noting that Facebook set the ”look up” settings to Everyone by default. Facebook says it’s done so to make sure you find people you know but aren’t yet friends with.
On his Twitter, Jeremy Burge criticised Facebook for the alleged misuse of users’ personal information. He said, “For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there’s no way to disable that.”
https://twitter.com/jeremyburge/status/1101402001907372032?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1101402001907372032&ref_url=https%3A%2F%2Ftechcrunch.com%2F2019%2F03%2F03%2Ffacebook-phone-number-look-up%2F
Unlike previous revelations about their system weaknesses, it seems Facebook was very much aware of the entire scenario and kept quiet. A Facebook spokesperson told TechCrunch that the settings are “not new” and went on adding that, “the setting applies to any phone numbers you added to your profile and isn’t specific to any feature.”
Quoting the above tweet, security expert and academic Zeynep Tufekci said, “Using security to further weaken privacy is a lousy move—especially since phone numbers can be hijacked to weaken security.”
See thread! Using security to further weaken privacy is a lousy move—especially since phone numbers can be hijacked to weaken security. Putting people at risk. What say you @facebook? https://t.co/9qKtTodkRD
— zeynep tufekci (@zeynep) March 2, 2019
Thankfully, Facebook took the users’ concern seriously and said, “We appreciate the feedback we’ve received about these settings and will take it into account.”However, it refused to comment on exactly how it is going to combat the issue.
Way to protect yourself
Although not a complete solution but Facebook does give some solution to lessen the potential impact it can have. Concerned users should set their Facebook “look up” settings to ”Friends”.
